Thursday, 22 June 2017

When performing a file transfer generally we all opts FTP, but security is not negligible kind of thing so we will have to opt secured version of FTP namely FTPS or SFTP. However, you may ask what is the difference between these two protocols?

FTPS

FTPS is actually FTP with SSL in addition to the security side that it brings. The use of SSL allows requiring the use of a certificate to secure communication between the client and the server.

Generally FTP explicit encrypted connections. Therefore, the connection is on port 21 (standard) and then the command “AUTH TLS” or “AUTH SSL” is sent to the server to ask for encrypting the transfer orders. Then, a second command named “PROT P” is sent to the server to encrypt the data transfer.

The use of FTPS means that the remote FTP server is configured to manage secure connections.

SFTP

SFTP meanwhile means: SSH File Transfer Protocol and Secure File Transfer Protocol. In fact, this protocol is designated as an extension of the SSH protocol that allows the transfer of files. With this FTP transfer we could talk encapsulated in a secure SSH tunnel.

It only uses the SSH port (22), both for the transfer of data for monitoring.

Conclusion

In both cases, the objective is to add a layer of security through SSL/TLS or SSH. Thus, on the one hand we can use “X.509 Certificates” with FTPS, secondly, we can use SSH keys to manage the security of trade.

Moreover, in the case of SFTP using a single connection since everything happens in the SSH connection, whereas in the cases of FTPS it is necessary to open two connections.

The operation of the FTPS means that the connection is not secure from the start. Indeed, it is only when the server receives the request for encryption and begins to quantity. Conversely, with the SFTP encryption is operational from the start thanks to the presence of SSH to connect to the remote FTP server.

Finally, we would end by saying to developer that the .NET Framework does not include the SFTP support.